XenForo Announcements

We first documented in our XenForo 1.5 End of Life Schedule a clear timeline for the end of support and updates for XenForo 1.5. Today, we have reached the first part of that timeline and from this point forward we will no longer be providing support or updates for XenForo 1.5. XenForo 2.0 and any versions prior to XenForo 1.5 are already unsupported. At the time of writing, we will only accept support tickets and bug reports for XenForo 2.1. You may still seek support on the forum, if you wish, though we would strongly urge you to join the majority of your fellow customers who are now happily running XenForo 2.1. If you need a reminder as to what has changed in the last four years since the release of XenForo 1.5, please take a look...

XenForo Resource Manager 2.2.5 Released XenForo Resource Manager 2.2.5 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo Resource Manager 2.2 upgrade to this release to benefit from increased stability. One-click upgrade to XenForo Resource Manager 2.2.5 Directly from your admin control panel If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. Some of the changes in XFRM 2.2.5 include: Reduce query usage when listing a resource's updates Fix float overflow in resource bodies Forbid resource downloads to be embedded as images Provide an additional warning when changing a forum's type if it is assigned to a resource...

XenForo Media Gallery 2.2.5 Released XenForo Media Gallery 2.2.5 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo Media Gallery 2.2 upgrade to this release to benefit from increased stability. One-click upgrade to XenForo Media Gallery 2.2.5 Directly from your admin control panel If you are a XenForo Cloud customer, your upgrade will be scheduled automatically. Some of the changes in XFMG 2.2.5 include: Fix potential out-of-range error with adjusting media counts when albums are deleted Check moderated and deleted states when determining media comment visibility Fix incorrect variable usage in vBulletin importer Use a more generic icon for the...

XenForo 2.2.12 Released XenForo 2.2.12 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability. We're pleased to announce the introduction of two new features available in XenForo 2.2.12. New CAPTCHA provider: Cloudflare Turnstile In September, Cloudflare Turnstile was announced. You may have noticed that we quickly implemented this into the software and it has been running here now for a little while. While on the surface this may seem like "just another CAPTCHA" option, we feel that Cloudflare has gotten a lot of things right in its approach to this product that is missing from many other...

Note: This version supersedes the previously released XenForo 2.1.13. Today, we are releasing XenForo 2.1.14 to address a potential security vulnerability. We recommend that all customers still running XenForo 2.1 upgrade to 2.1.14 or use the attached patch file as soon as possible. The issue relates to HTML attribute injection which can be triggered when rendering editor content, such as when a post is edited or quoted. XenForo extends thanks to @PaulB, the team at @NamePros and @Xon for reporting the issues. We recommend doing a full upgrade to resolve the issues, but a patch can be applied manually. See below for further details. Applying a patch manually Download the 2114patch.zip file attached to this message. It will contain...

Today, we are releasing XenForo 2.2.11 to address a potential security vulnerability. We recommend that all customers running XenForo 2.2 upgrade to 2.2.11 or use the attached patch file as soon as possible. The issue relates to HTML attribute injection which can be triggered when rendering editor content, such as when a post is edited or quoted. XenForo extends thanks to security researcher @PaulB, the team at @NamePros and @Xon for reporting the issues. We recommend doing a full upgrade to resolve the issues, but a patch can be applied manually. See below for further details. Note: There are no other changes in this release and any work previously done towards XenForo 2.2.11 - including a new CAPTCHA option by Cloudflare Turnstile...

Today, we are releasing XenForo 2.1.13 to address a potential security vulnerability. We recommend that all customers still running XenForo 2.1 upgrade to 2.1.13 or use the attached patch file as soon as possible. The issue relates to HTML attribute injection which can be triggered when rendering editor content, such as when a post is edited or quoted. XenForo extends thanks to security researcher @PaulB, the team at @NamePros and @Xon for reporting the issues. We recommend doing a full upgrade to resolve the issues, but a patch can be applied manually. See below for further details. Applying a patch manually Download the 2113patch.zip file attached to this message. It will contain the following file...

XenForo 2.2.10 Released XenForo 2.2.10 is now available for all licensed customers to download. We strongly recommend that all customers running previous versions of XenForo 2.2 upgrade to this release to benefit from increased stability. This version contains a fix for an issue whereby outgoing requests from the server running XenForo could be tricked into accessing web-accessible resources on the local network. The scope to exploit this issue is limited within the core and first-party add-ons. 2.2.10 will be one of the last releases of the 2.2.x series before we move 2.3.0 to beta, but we do have a handful of things coming late to 2.2.x before that happens, including some enhanced cookie consent features to comply with the...